Willis Report: Majority of Public Companies Indicate Cyber Attack Would Cause "Serious Harm" or "Adversely Impact" Their Firms

Willis Report: Majority of Public Companies Indicate Cyber Attack Would Cause
"Serious Harm" or "Adversely Impact" Their Firms

Organizations Identify Top Cyber Threats in Response to SEC Guidelines, but
Report Suggests Many Firms May be Overlooking Critical Exposures

NEW YORK, June 10, 2013 (GLOBE NEWSWIRE) -- A majority of the U.S. listed
Fortune 500 firms are following the U.S. Securities and Exchange Guidelines by
providing some level of disclosure regarding cyber exposures, with more than
half indicating their firms would face "serious harm" or be "adversely
impacted" due to a cyber-attack, according to a recent report by Willis North
America, a unit of Willis Group Holdings (NYSE:WSH), a leading global risk
advisor, insurance and reinsurance broker.

The Willis Fortune 500 Cyber Disclosure Report, 2013, published today, are the
results of an effort launched last year to track organizations' response to
SEC Guidance issued in October 2011, asking U.S. listed companies to provide
extensive disclosure on their cyber exposures.

The report found that 88% of the Fortune 500 are following SEC Guidelines as
of April 2013 and providing "some level" of disclosure regarding cyber
exposures. However, some companies within particular industries that would
seem to have exposures, were silent, Willis said. Among those silent were: an
insurance company, a pharmaceutical company, a restaurant chain and a health
care firm – "all of which would seem to have some level of cyber risk when
compared to the disclosures of their peers," the report said.

The top three cyber risks identified by the Fortune 500 include:

  *Loss of theft of confidential information (65%)
  *Loss of reputation (50%)
  *Direct loss from malicious acts (hackers, virus) (48%)

Commenting on the survey, Chris Keegan, Senior Vice President, National
Resource E&O and e-risk, Willis North America and co-author of the report,
said, "Many of the results are not surprising as we know firms are actively
taking steps to assess and mitigate their cyber risk, even if they have not
been able to quantify a dollar amount associated with the risk."

"However, we also see some surprising results which suggests some firms may be
overlooking critical exposures," Keegan said. "For example, only one out of
five firms mention cyber-terror (20%) as a factor, despite the heightened
emphasis on cyber-terror by the U.S. government. In addition, only one out of
ten firms detailed cyber threats caused by the acts of outsourced vendors.
This runs contrary to what we see in our day to day practice given the high
frequency of cyber events stemming from outsourced vendors,"he said.

When it comes to protection against cyber risk, only 6% of companies mentioned
that they purchased insurance to cover cyber risks "even though recent market
surveys are showing significantly higher take up rates for cyber insurance
among public companies," Keegan said.Meanwhile 52% of firms referred to
technical solutions they have in place, but a significant number (15%) also
indicated they do not have the resources to protect themselves against
critical attacks, the report said.

Ann Longmore, Executive Vice President, FINEX, Willis North America and
co-author of the report cautions about the other potential impacts of cyber
risk, particularly on Directors and Officers Liability. "D&O liability risk
may be heightened for companies that experience cyber breaches if cyber risk
disclosures are deemed not to meet SEC standards and a significant loss were
to occur.This may be especially true if peers have provided more detailed
disclosure," she said.

Willis' study is on-going and will be expanded to examine the Fortune 1000. A
copy of the full report can be downloaded here:
http://blog.willis.com/downloads/cyber-disclosure-fortune-500/ .

About Willis

Willis Group Holdings plc is a leading global risk advisor, insurance and
reinsurance broker. With roots dating to 1828, Willis operates today on every
continent with more than 17,000 employees in over 400 offices. Willis offers
its clients superior expertise, teamwork, innovation and market-leading
products and professional services in risk management and transfer. Our
experts rank among the world's leading authorities on analytics, modelling and
mitigation strategies at the intersection of global commerce and extreme
events. Find more information at our website, www.willis.com, our leadership
journal, Resilience, or our up-to-the-minute blog on breaking news,
WillisWire. Across geographies, industries and specialisms, Willis provides
its local and multinational clients with resilience for a risky world.

CONTACT: Media: Colleen McCarthy
         + 212 915 8307
         Email: colleen.mccarthy@willis.com
        
         Investors: Peter Poillon
         +1 212 915 8084
         Email: Peter.Poillon@willis.com